What to look for in a network security audit

Ask the Expert


What information should I look for when I do a network security audit?


This is a short question with a potentially huge answer! A thorough network security audit would start with a network discovery exercise, using a tool like SolarWinds Inc.'s Network Sonar to identify all the devices on the network. This would be followed by a common port scan of the identified devices, using Nmap or SuperScan to look for unused services and locate admin interfaces on devices such as routers, switches, access points, etc.

Next, I would run authenticated vulnerability scans against a representative selection of devices -- the QualysGuard appliance is excellent for this, but Nessus and other scanners provide a good alternative, providing they are configured correctly (beware of causing denial-of-service or other outages).

Lastly, I would compare system configurations with best practice, again for a representative selection of devices, using manual techniques. Best practice will depend on the systems you are using (Cisco vs. Microsoft vs. Unix, etc.). Generally, I advise people to look at the National Security Agency (NSA) and Center for Information Security (CIS) standards documents, although some of their more rigorous settings may need to be relaxed for some commercial environments.

This was first published in October 2009
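
The port-scan step in the answer above (finding unused services and admin interfaces) can be triaged with a short script. This is an added example, not part of the original article: it parses Nmap's grepable (`-oG`) output and compares open ports with an approved list. The sample scan, the host addresses, the admin-port list and the baseline are all assumptions constructed for illustration.

```python
import re

# Ports that commonly expose a management interface (assumed list; extend it).
ADMIN_PORTS = {22, 23, 80, 161, 443, 8080, 8443}
CLEARTEXT = {23, 80, 161, 8080}

# Constructed sample of `nmap -oG` (grepable) output, documentation addresses.
SAMPLE_SCAN = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.1 (core-rtr)\tPorts: 22/open/tcp//ssh///, 23/open/tcp//telnet///, 179/closed/tcp//bgp///\n"
    "Host: 192.0.2.20 (ap-lobby)\tPorts: 80/open/tcp//http///, 443/open/tcp//https///\n"
    "Host: 192.0.2.30 (file01)\tPorts: 445/open/tcp//microsoft-ds///, 21/open/tcp//ftp///\n"
)

# Hypothetical approved-services baseline: host -> ports expected to be open.
BASELINE = {"192.0.2.1": {22}, "192.0.2.20": {443}, "192.0.2.30": {445}}
HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)\tPorts: (.*)$")

def parse_grepable(text):
    """Return {ip: [(port, proto, service), ...]} for ports in state 'open'."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment, status line, or host without a Ports field
        ip, _name, ports = m.groups()
        ports = ports.split("\t")[0]  # drop a trailing "Ignored State" field
        for entry in ports.split(","):
            f = entry.strip().split("/")
            if len(f) >= 5 and f[1] == "open":
                hosts.setdefault(ip, []).append((int(f[0]), f[2], f[4]))
    return hosts

def audit(text, baseline):
    """Return sorted (ip, port, finding) tuples worth a manual follow-up."""
    findings = []
    for ip, ports in parse_grepable(text).items():
        approved = baseline.get(ip, set())
        for port, _proto, service in ports:
            if port not in approved:
                findings.append((ip, port, f"unapproved service: {service}"))
            if port in ADMIN_PORTS:
                kind = "cleartext admin interface" if port in CLEARTEXT else "admin interface"
                findings.append((ip, port, kind))
    return sorted(findings)

if __name__ == "__main__":
    for ip, port, finding in audit(SAMPLE_SCAN, BASELINE):
        print(f"{ip:<12} {port:>5}  {finding}")
```

Each finding is a prompt for the manual configuration review, not a verdict: an approved SSH port still needs its settings checked against the relevant standard.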

